diff options
| author | Dmitry Vyukov <dvyukov@google.com> | 2024-12-13 15:15:49 +0100 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2024-12-17 13:44:24 +0000 |
| commit | c8c15bb214509bafc8fe1a1e3abb8ccf90b3306e (patch) | |
| tree | ca722a71aff5a1566389f178d9c95d7d7e8caeed /tools/syz-declextract/testdata | |
| parent | bc1a1b50f942408a9139887b914f745d9fa02adc (diff) | |
tools/syz-declextract: infer argument/field types
Use data flow analysis to infer syscall argument, return value,
and struct field types.
See the comment in pkg/declextract/typing.go for more details.
Diffstat (limited to 'tools/syz-declextract/testdata')
| -rw-r--r-- | tools/syz-declextract/testdata/functions.c | 45 | ||||
| -rw-r--r-- | tools/syz-declextract/testdata/functions.c.info | 2 | ||||
| -rw-r--r-- | tools/syz-declextract/testdata/functions.c.json | 231 | ||||
| -rw-r--r-- | tools/syz-declextract/testdata/functions.c.txt | 2 | ||||
| -rw-r--r-- | tools/syz-declextract/testdata/types.c | 11 | ||||
| -rw-r--r-- | tools/syz-declextract/testdata/types.c.json | 105 |
6 files changed, 388 insertions, 8 deletions
diff --git a/tools/syz-declextract/testdata/functions.c b/tools/syz-declextract/testdata/functions.c index 675489432..fd06fb455 100644 --- a/tools/syz-declextract/testdata/functions.c +++ b/tools/syz-declextract/testdata/functions.c @@ -11,15 +11,52 @@ static void func_bar() { func_foo(); } -void func_baz(int f) { +int alloc_fd() { + return 1; +} + +void __fget_light(int fd) { +} + +int from_kuid() { + return 1; +} + +int func_baz(int f) { func_foo(); if (f) func_bar(); if (__builtin_constant_p(f)) func_bar(); + if (f) + return from_kuid(); + return alloc_fd(); +} + +int func_qux() { + int fd = alloc_fd(); + return fd; +} + +SYSCALL_DEFINE1(functions, long x) { + __fget_light(x); + return func_baz(1); +} + +struct Typed { + int a; + int b; + int c; +}; + +int typing1(int a, int b) { + return a; } -SYSCALL_DEFINE1(functions) { - func_baz(1); - return 0; +int typing(struct Typed* t1, int i) { + struct Typed t2; + t2.a = t1->b; + int l = typing1(i, t2.a); + t1->c = l; + return l; } diff --git a/tools/syz-declextract/testdata/functions.c.info b/tools/syz-declextract/testdata/functions.c.info index 0101daf12..2e2720113 100644 --- a/tools/syz-declextract/testdata/functions.c.info +++ b/tools/syz-declextract/testdata/functions.c.info @@ -1 +1 @@ -SYSCALL functions func:__do_sys_functions loc:8 access:unknown manual_desc:false auto_desc:true file:functions.c subsystem:kernel +SYSCALL functions func:__do_sys_functions loc:13 access:unknown manual_desc:false auto_desc:true file:functions.c subsystem:kernel diff --git a/tools/syz-declextract/testdata/functions.c.json b/tools/syz-declextract/testdata/functions.c.json index 8a1fd4ee1..eb1b3b880 100644 --- a/tools/syz-declextract/testdata/functions.c.json +++ b/tools/syz-declextract/testdata/functions.c.json @@ -5,10 +5,48 @@ "file": "functions.c", "loc": 2, "calls": [ + "__fget_light", "func_baz" + ], + "facts": [ + { + "src": { + "argument": { + "func": "__do_sys_functions", + "arg": 0 + } + }, + "dst": { + "argument": { + "func": "__fget_light", + "arg": 0 + } + } + }, + { + "src": { + "return": { + "func": "func_baz" + } + }, + "dst": { + "return": { + "func": "__do_sys_functions" + } + } + } ] }, { + "name": "__fget_light", + "file": "functions.c" + }, + { + "name": "alloc_fd", + "file": "functions.c", + "loc": 1 + }, + { "name": "atomic_load32", "file": "include/types.h", "is_static": true, @@ -20,6 +58,11 @@ "loc": 1 }, { + "name": "from_kuid", + "file": "functions.c", + "loc": 1 + }, + { "name": "func_bar", "file": "functions.c", "is_static": true, @@ -31,21 +74,205 @@ { "name": "func_baz", "file": "functions.c", - "loc": 5, + "loc": 8, "calls": [ "func_foo", - "func_bar" + "func_bar", + "from_kuid", + "alloc_fd" + ], + "facts": [ + { + "src": { + "return": { + "func": "from_kuid" + } + }, + "dst": { + "return": { + "func": "func_baz" + } + } + }, + { + "src": { + "return": { + "func": "alloc_fd" + } + }, + "dst": { + "return": { + "func": "func_baz" + } + } + } ] }, { "name": "func_foo", "file": "functions.c", "is_static": true + }, + { + "name": "func_qux", + "file": "functions.c", + "loc": 2, + "calls": [ + "alloc_fd" + ], + "facts": [ + { + "src": { + "return": { + "func": "alloc_fd" + } + }, + "dst": { + "local": { + "name": "fd" + } + } + }, + { + "src": { + "local": { + "name": "fd" + } + }, + "dst": { + "return": { + "func": "func_qux" + } + } + } + ] + }, + { + "name": "typing", + "file": "functions.c", + "loc": 5, + "calls": [ + "typing1" + ], + "facts": [ + { + "src": { + "argument": { + "func": "typing", + "arg": 1 + } + }, + "dst": { + "argument": { + "func": "typing1", + "arg": 0 + } + } + }, + { + "src": { + "field": { + "struct": "Typed", + "field": "a" + } + }, + "dst": { + "argument": { + "func": "typing1", + "arg": 1 + } + } + }, + { + "src": { + "field": { + "struct": "Typed", + "field": "b" + } + }, + "dst": { + "field": { + "struct": "Typed", + "field": "a" + } + } + }, + { + "src": { + "local": { + "name": "l" + } + }, + "dst": { + "field": { + "struct": "Typed", + "field": "c" + } + } + }, + { + "src": { + "return": { + "func": "typing1" + } + }, + "dst": { + "local": { + "name": "l" + } + } + }, + { + "src": { + "local": { + "name": "l" + } + }, + "dst": { + "return": { + "func": "typing" + } + } + } + ] + }, + { + "name": "typing1", + "file": "functions.c", + "loc": 1, + "facts": [ + { + "src": { + "argument": { + "func": "typing1", + "arg": 0 + } + }, + "dst": { + "return": { + "func": "typing1" + } + } + } + ] } ], "syscalls": [ { "func": "__do_sys_functions", + "args": [ + { + "name": "x", + "counted_by": -1, + "type": { + "int": { + "byte_size": 8, + "name": "long", + "base": "long" + } + } + } + ], "source_file": "functions.c" } ] diff --git a/tools/syz-declextract/testdata/functions.c.txt b/tools/syz-declextract/testdata/functions.c.txt index cab813f8b..6dc51303b 100644 --- a/tools/syz-declextract/testdata/functions.c.txt +++ b/tools/syz-declextract/testdata/functions.c.txt @@ -8,4 +8,4 @@ include <vdso/bits.h> include <linux/types.h> include <net/netlink.h> -functions$auto() +functions$auto(x fd) fd diff --git a/tools/syz-declextract/testdata/types.c b/tools/syz-declextract/testdata/types.c index 8fc67aeb9..20f92673f 100644 --- a/tools/syz-declextract/testdata/types.c +++ b/tools/syz-declextract/testdata/types.c @@ -53,3 +53,14 @@ SYSCALL_DEFINE1(types_syscall, struct anon_struct* p, struct empty_struct* y, struct bitfields* b, int pid, fd_t f, struct various* v) { return 0; } + +void anon_flow(int x) { + struct anon_struct s; + s.a.x = x; + s.y = x; + s.w = x; + s.foo.f = x; + s.array[1].a = x; + s.ptr->a = x; + s.ptr_array[1]->b = x; +} diff --git a/tools/syz-declextract/testdata/types.c.json b/tools/syz-declextract/testdata/types.c.json index 9733798ab..a5a7088db 100644 --- a/tools/syz-declextract/testdata/types.c.json +++ b/tools/syz-declextract/testdata/types.c.json @@ -4,6 +4,111 @@ "name": "__do_sys_types_syscall", "file": "types.c", "loc": 2 + }, + { + "name": "anon_flow", + "file": "types.c", + "loc": 8, + "facts": [ + { + "src": { + "argument": { + "func": "anon_flow", + "arg": 0 + } + }, + "dst": { + "field": { + "struct": "11253655576479126316", + "field": "x" + } + } + }, + { + "src": { + "argument": { + "func": "anon_flow", + "arg": 0 + } + }, + "dst": { + "field": { + "struct": "11253655576479126318", + "field": "y" + } + } + }, + { + "src": { + "argument": { + "func": "anon_flow", + "arg": 0 + } + }, + "dst": { + "field": { + "struct": "11253655576479126319", + "field": "w" + } + } + }, + { + "src": { + "argument": { + "func": "anon_flow", + "arg": 0 + } + }, + "dst": { + "field": { + "struct": "11253655576479126309", + "field": "f" + } + } + }, + { + "src": { + "argument": { + "func": "anon_flow", + "arg": 0 + } + }, + "dst": { + "field": { + "struct": "11253655576479126322", + "field": "a" + } + } + }, + { + "src": { + "argument": { + "func": "anon_flow", + "arg": 0 + } + }, + "dst": { + "field": { + "struct": "11253655576479126323", + "field": "a" + } + } + }, + { + "src": { + "argument": { + "func": "anon_flow", + "arg": 0 + } + }, + "dst": { + "field": { + "struct": "11253655576479126324", + "field": "b" + } + } + } + ] } ], "defines": [ |